Issue Brief: FERPA Notice of Proposed Rulemaking

On April 8, the United States Department of Education (ED) issued a notice of proposed rule-making (NPRM) in the Federal Register. See 76 Fed. Reg. 19726-19739 (April 8, 2011). The proposed rules are designed to facilitate the development and expansion of statewide longitudinal data systems (SLDS) by removing some of the legal stumbling blocks that have limited, or could limit, robust and useful SLDS. Comments on the proposals are due on or before May 23, 2011.[1]

The NPRM proposes changes to the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA is a federal law that protects student privacy by prohibiting educational agencies and institutions from disclosing personally identifiable information in student records unless a parent or eligible student provides prior written consent or a statutory exception applies.

The proposed changes to the definition of the term "authorized representative" are likely the most important. Currently, the rules require that educational authorities may only disclose educational records to entities over which they have ‰"direct control.‰" Accordingly, a state educational agency (SEA) is not able to disclose student academic records to another state agency, such as a state department of labor, since it does not have "direct control" over the other agency. ED affirmed and clarified this position in a January 30, 2003 memo, known as the ‰"Hansen Memorandum.‰" To address this, the proposed rule would add to the definition of "authorized representative" to include any individual or entity designated by an educational agency to carry out audits, evaluations, or enforcement or compliance activities relating to ‰"education programs‰" (make a note of this term). The change would provide the flexibility to allow inter-agency exchange of personally identifiable information in student education records without the prior consent of the parents or guardians.

Now return to the term "education program." The proposed rules would clarify that an ‰"education program‰" can include a program administered by a non-educational agency, such as labor or human services. Together, the changes to ‰"authorized representative‰" and ‰"education program‰" would allow data sharing among agencies and the authority to research a wide variety of programs, not just ED programs, so long as they are principally engaged in the provision of education. This could make SLDS significantly more useful.

The next notable proposed change would be a clarification of the notice that districts provide to parents regarding their child‰'s ‰"directory information.‰" ‰"Directory information‰" is defined as ‰"information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.‰" It typically includes names, addresses, telephone listings, e-mail addresses, and other information that the school district has designated as directory information. The purpose of the information is to facilitate easier communication among parents, officials, students, and others. FERPA now requires an educational agency or institution to provide public notice to parents of the types of directory information that it would disclose and the right of the parents or eligible student to opt out.

The NPRM proposes to clarify that an educational agency or institution may limit what it includes as ‰"directory information‰" and ‰-- critically ‰-- how that information can be used and distributed. Districts and schools could, for example, limit the release of this directory information for specific purposes, to specific parties, or both as the district or educational agency sees fit. The intent is to grant educational agencies the authority to provide additional levels of security to ‰"directory information.‰" This would limit the ability of third parties, such as vendors, to access the directory information without parental consent.

The NPRM proposes other technical changes, including:

  • Clarifying that an educational agency may designate as ‰"directory information‰" a student ID number or other unique personal identifier that is displayed on a student ID card, if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user‰'s identity.
  • Clarifying that state educational agencies may enter into agreements on behalf of school districts with organizations conducting studies, once the law‰'s written agreement requirements are met. Districts can already enter into such agreements under FERPA.
  • Making it easier for state or local educational authorities to conduct an audit, evaluation, or compliance enforcement activity by removing current regulatory language requiring federal, state, or local authority. The removal of the ‰"authority‰" reference is intended to remove a barrier to implementing evaluations of the effectiveness of federal and state support of education programs.
  • Making it clear that FERPA‰'s enforcement procedures apply to SEAs and LEAs, regardless of where the student attends or if the agency did not generate the original student records. The law‰'s enforcement provisions will apply to any agency or other recipient of ED funds that has allegedly inappropriately disclosed the information.

Resources:

See 76 Fed. Reg. 19726-19739(April 8, 2011). Comments on the proposals are due to the Federal eRulemaking portal, http://www.regulations.gov, on or before May 23, 2011.

For more information contact david [at]whiteboardadvisors.com.

 

[1] Please visit the Federal eRulemaking portal at http://www.regulations.gov, docket ID ED-2011-OM-0002-0001